Android Targeted by 75 Percent of All Mobile Malware
This week's Android security update spotlights findings from an F-Secure report that suggests Android is by far the leading target of mobile-malware authors, along with a demonstration from a recent conference that showed a number of glaring Android security holes.
By Al Sacco
Managing Editor, CIO
It’s no surprise that Android malware makes up the lion’s share of mobile malware today, but a new report from Finnish antivirus firm F-Secure suggests that Android malware now represents a whopping three quarters of all such malware.
F-Secure’s Mobile Malware Report Q1 2012, released this week, includes a number of security- and Android-related findings from the three months ending on March 29, along with comparisons to findings from previous quarterly reports.
Specifically, F-Secure says 37 of the 49 new mobile malware types identified during the past quarter were designed to exploit Android devices, compared to 10 of the 17 types, or roughly 59 percent, of malware found in the last quarter of 2011.
From the F-Secure report:
“New families and variants of [Android] malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone. A comparison between the number of malicious Android application package files (APKs) received in Q1 2011 and in Q1 2012 reveals a more staggering find — an increase from 139 to 3063 counts.”
The company’s data is particularly troubling when you consider the fact that many Android devices are riddled with security holes that could be exploited by these types of malware. Tyrone Erasmus, security consultant at MWR InfoSecurity, yesterday demonstrated some of Android’s most obvious security weaknesses at an ITWeb Security Summit event. Erasmus used his “Mercury” framework, which he developed to identify vulnerabilities in the Android OS, to easily expose a variety of vulnerabilities, including the ability to steal passwords and text messages and access built-in storage and memory cards.
Security researchers recently identified a number of malicious Android applications “in the wild” that could take advantage of these vulnerabilities and more, including apps that launch DoS attacks and Trojans hidden inside popular games and software like Angry Birds and Instagram.
Android malware may not be a widespread issue right now, and most of the known malware is distributed through questionable sources that cautious users should probably know to avoid, but the potential exists for Android malware to multiply rapidly. And all signs seem to suggest Android malware will become more of a problem in the future.
Al Sacco was a journalist, blogger and editor who covers the fast-paced mobile beat for CIO.com and IDG Enterprise, with a focus on wearable tech, smartphones and tablet PCs. Al managed CIO.com writers and contributors, covered news, and shared insightful expert analysis of key industry happenings. He also wrote a wide variety of tutorials and how-tos to help readers get the most out of their gadgets, and regularly offered up recommendations on software for a number of mobile platforms. Al resides in Boston and is a passionate reader, traveler, beer lover, film buff and Red Sox fan.